EU Data Protection Authorities have set up a task force to investigate the issues regarding harvesting personal data from social media for micro-targeting for commercial or political reasons. The task force will coordinate the various European investigations on Facebook. The Facebook Contact Group includes the Data Protection Authorities of Belgium, France, Germany (Hamburg), the Netherlands and Spain. In Europe, Facebook falls under the jurisdiction of Ireland’s Data Protection Commissioner who has asked for a referral to the European Court of Justice in a case concerning Facebook’s data transfers and use of standard contractual clauses. Other DPAs have conducted investigations into Facebook’s privacy policy and use of cookies. In Belgium, this has led to a court action which resulted in the imposition of a fine. In the United Kingdom, the Information Commissioner is currently conducting an inquiry which is not only looking at Facebook but 30 organisations – social media platforms, data companies, campaigns and political parties – to examine how personal data is used in modern political campaigns. Elizabeth Denham, Information Commissioner, has issued 19 Information Notices in this inquiry. Refusal to respond adequately is a criminal offence which could lead to an unlimited fine in a Crown Court. Spain’s AEPD, the Data Protection Authority, has opened an investigation against Facebook in order to examine the possible harm caused to Spanish users. In Italy, the Garante (DPA) met at its office in Rome with Facebook on Tuesday 24 April to ask for clarifications on any breaches committed in Italy. Facebook offered to provide information on:

the political marketing companies which have accessed users’ data;

information on facial recognition policies and technologies;

its compliance process in the light of the EU General Data Protection Regulation;